US10063548B1ActiveUtility

System, method, and program product for processing secure transactions within a cloud computing system

95
Assignee: WINKLEVOSS IP LLCPriority: Jan 26, 2015Filed: Feb 27, 2018Granted: Aug 28, 2018
Est. expiryJan 26, 2035(~8.5 yrs left)· nominal 20-yr term from priority
H04L 63/123H04L 63/0807H04L 63/0815H04L 63/0884H04L 9/0637H04L 9/3242H04L 63/126H04L 9/3247H04L 9/321G06F 21/64G06F 21/41
95
PatentIndex Score
10
Cited by
21
References
8
Claims

Abstract

Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A system comprising:
 (1) one or more processors; 
 (2) non-transitory computer-readable memory operatively connected to the one or more processors, the non-transitory computer-readable memory having stored thereon machine-readable instructions that, when executed by the one or more processors, cause the one or more processors to perform a method comprising:
 (a) sending, by a user device, an electronic login request to a web server; 
 (b) receiving, at the user device, first display data from the web server in response to the login request; 
 (c) displaying, at the user device, the first display data; 
 (d) receiving, at the user device, credential information associated with a user of the user device provided in response to the first display data; 
 (e) transmitting, from the user device, the credential information to the web server; 
 (f) receiving, from the web server, second display data and a first signed identity provider data packet including a first payload comprising first login credential verification information, a first timestamp, a session identifier, and a first identity provider sub-system digital signature, wherein the first signed identity provider data packet provides an indication that a user session is authenticated and is signed with a first identity provider sub-system digital signature that is generated by generating a hash of the first payload and encrypting the hash of the first payload using a first identity provider sub-system private key; 
 (g) displaying, at the user device, the second display data; 
 (h) storing, at the user device, the first signed identity provider data packet; 
 (i) providing, at the user device, user data associated with the user after display of the second display data; 
 (j) transmitting, to the web server, the user data and the first signed identity provider data packet; 
 (k) receiving, from the web server, a second signed identity provider data packet including a second payload comprising a current time stamp, authentication verification information, user identification information and session identification information and third display data, where the authentication verification information is provided from a first sub-system and is signed with a second identity provider sub-system digital signature that is generated by generating a hash of the second payload and encrypting the hash of the second payload using the first identity provider sub-system private key; 
 (l) displaying, at the user device, the third display data; and 
 (m) storing, at the user device, the second signed identity provider data packet. 
 
 
     
     
       2. The system of  claim 1 , where the step of sending an electronic login request comprises:
 (i) navigating, using the user device, to a URL; and 
 (ii) selecting, using the user device, a login user interface. 
 
     
     
       3. The system of  claim 1 , wherein the first display data comprises machine-readable instructions to render a graphical user interface for inputting the credential information. 
     
     
       4. The system of  claim 1 , wherein the credential information comprises a username and password associated with the user of the user device. 
     
     
       5. The system of  claim 1 , wherein the second display data comprises machine-readable instructions to render a webpage. 
     
     
       6. The system of  claim 1 , wherein the user data is multi-factor authentication data associated with the user of the user device. 
     
     
       7. The system of  claim 1 , wherein the third display data comprises machine-readable instructions to render content of a distributed computer system to which the web server is connected and access to which is dependent on authentication of the user using the user data. 
     
     
       8. The system of  claim 1 , further comprising steps of:
 (n) transmitting, from the user device, an electronic user request and the second signed identity provider data packet; 
 (o) receiving, from the web server, fourth display data and a third signed identity provider data packet including a third payload comprising a second current time stamp, a session identifier, user identifier and verification information; 
 (p) rendering, at the user device, a display based on the fourth display data; and 
 (q) storing, at the user device, the third signed identity provider data packet.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.